This is not quite the case. The Pi is using Pi-hole as DNS server on the loopback interface (127.0.0.1) on port 53. The Pi-hole, in turn, is using unbound as an upstream DNS server on a different port (5335) on the loopback.
Client (Pi in this case) > Pi-Hole > unbound and then back in reverse to the client.
This is why your Pi is using Pi-hole for DNS. Edit this file and change the nameserver to the server you want to use (or servers, with multiple lines).
youre right!, i typed too soon leading into dinner.... when i referred to what was my upstream server. i was thinking in reference to my overall network, to which the upstream server is coded into the WAN DNS entry box of my router and not those caps... which are as you pointed out... the upstream for unbound.
You can use whatever nameserver you want. Using something other than Pi-hole has some advantages - if the Pi-hole fails, the Pi can still reach the internet for repairs, updates or to upload a debug log.
You can use the same DNS server as you use for Pi-hole upstream DNS. If you are happy with that DNS for the Pi-hole, it will be OK for the Pi.
solid point thankyou. something other than the pihole for failure scenario makes sense.
regarding 127.0.0.1, i just noticed a reddit thread where someone was wanting to learn how to verify his unbound was working... his dig output was also showing 127.0.0.1 as mine was.
They are using two different ports on the loopback. If your Pi uses Pi-hole as DNS, then the path is as follows:
Pi > Pi-hole via loopback port 53 > unbound via loopback port 5335 or 5353 (whichever you selected) > then back again to the Pi.
A requesting client won't see the queries made to unbound - those all come from Pi-hole. Clients see the IP of Pi-hole only (either the loopback or the network IP) and always on port 53.
